gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Hierarchy中,使用垃圾回收方式释放compile,避免bool_matcher命中已删除的compile后,从而非法内存访问导致段错误。 修复 TSG-6548

Browse Source
This commit is contained in:
zhengchao
2021-06-01 21:40:20 +08:00
parent 7980d87924
commit fe73ef1156
4 changed files with 27 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/entry/Maat_hierarchy.cpp
View File

@@ -2,7 +2,6 @@
#include "Maat_hierarchy.h" #include "Maat_hierarchy.h"
#include "Maat_utils.h" #include "Maat_utils.h"
#include "Maat_limits.h" #include "Maat_limits.h"
#include "uthash/uthash.h" #include "uthash/uthash.h"
#include "uthash/utarray.h" #include "uthash/utarray.h"
#include "igraph/igraph.h" #include "igraph/igraph.h"
@@ -122,7 +121,7 @@ struct Maat_hierarchy
igraph_integer_t grp_vertex_id_generator; igraph_integer_t grp_vertex_id_generator;
int thread_num; int thread_num;
struct Maat_garbage_bin* garbage_bin; struct Maat_garbage_bin* ref_garbage_bin;
void* logger; void* logger;
void **expr_match_buff; void **expr_match_buff;
}; };
@@ -285,16 +284,12 @@ static struct Maat_hierarchy_compile* Maat_hierarchy_compile_new(struct Maat_hie
} }
return compile; return compile;
} }
static void Maat_hierarchy_compile_free(struct Maat_hierarchy* hier, struct Maat_hierarchy_compile* compile) static void Maat_hierarchy_compile_free(struct Maat_hierarchy_compile* compile)
{ {
int i=0; int i=0;
struct Maat_hierarchy_clause_state* clause_state=NULL; struct Maat_hierarchy_clause_state* clause_state=NULL;
HASH_DEL(hier->hash_compile_by_id, compile); //user_data must be freed before calling this function.
if(compile->user_data && hier->compile_user_data_free) assert(compile->user_data==NULL);
{
hier->compile_user_data_free(compile->user_data);
compile->user_data=NULL;
}
for(i=0; i<MAX_ITEMS_PER_BOOL_EXPR; i++) for(i=0; i<MAX_ITEMS_PER_BOOL_EXPR; i++)
{ {
clause_state=compile->clause_states+i; clause_state=compile->clause_states+i;
@@ -333,7 +328,7 @@ static void Maat_hierarchy_region_free(struct Maat_hierarchy* hier, struct Maat_
} }
struct Maat_hierarchy* Maat_hierarchy_new(int thread_num, void* mesa_handle_logger) struct Maat_hierarchy* Maat_hierarchy_new(int thread_num, void* mesa_handle_logger, struct Maat_garbage_bin* bin)
{ {
struct Maat_hierarchy* hier=ALLOC(struct Maat_hierarchy, 1); struct Maat_hierarchy* hier=ALLOC(struct Maat_hierarchy, 1);
int ret=0; int ret=0;
@@ -348,7 +343,7 @@ struct Maat_hierarchy* Maat_hierarchy_new(int thread_num, void* mesa_handle_logg
hier->hash_region_by_id=NULL; hier->hash_region_by_id=NULL;
hier->hash_dedup_clause_by_literals=NULL; hier->hash_dedup_clause_by_literals=NULL;
hier->clause_id_generator=0; hier->clause_id_generator=0;
hier->ref_garbage_bin=bin;
hier->expr_match_buff=ALLOC(void*, thread_num*MAX_SCANNER_HIT_NUM); hier->expr_match_buff=ALLOC(void*, thread_num*MAX_SCANNER_HIT_NUM);
ret=igraph_empty(&hier->group_graph, 0, IGRAPH_DIRECTED); ret=igraph_empty(&hier->group_graph, 0, IGRAPH_DIRECTED);
@@ -371,7 +366,13 @@ void Maat_hierarchy_free(struct Maat_hierarchy* hier)
//and sets its pointer to NULL. //and sets its pointer to NULL.
HASH_ITER(hh, hier->hash_compile_by_id, compile, tmp_compile) HASH_ITER(hh, hier->hash_compile_by_id, compile, tmp_compile)
{ {
Maat_hierarchy_compile_free(hier, compile); if(hier->compile_user_data_free && compile->user_data)
{
hier->compile_user_data_free(compile->user_data);
compile->user_data=NULL;
}
HASH_DEL(hier->hash_compile_by_id, compile);
Maat_hierarchy_compile_free(compile);
} }
assert(hier->hash_compile_by_id==NULL); assert(hier->hash_compile_by_id==NULL);
@@ -469,7 +470,8 @@ int Maat_hierarchy_compile_remove(struct Maat_hierarchy * hier, int compile_id)
} }
if(compile->actual_clause_num==0) if(compile->actual_clause_num==0)
{ {
Maat_hierarchy_compile_free(hier, compile); HASH_DEL(hier->hash_compile_by_id, compile);
Maat_garbage_bagging(hier->ref_garbage_bin, compile, (void (*)(void*))Maat_hierarchy_compile_free);
} }
ret=0; ret=0;
} }
@@ -674,7 +676,8 @@ int Maat_hierarchy_remove_group_from_compile(struct Maat_hierarchy* hier, int gr
} }
if(compile->actual_clause_num==0 && !compile->user_data) if(compile->actual_clause_num==0 && !compile->user_data)
{ {
Maat_hierarchy_compile_free(hier, compile); HASH_DEL(hier->hash_compile_by_id, compile);
Maat_garbage_bagging(hier->ref_garbage_bin, compile, (void (*)(void*))Maat_hierarchy_compile_free);
} }
pthread_rwlock_unlock(&hier->rwlock); pthread_rwlock_unlock(&hier->rwlock);
return 0; return 0;
@@ -1370,6 +1373,10 @@ int Maat_hierarchy_region_compile(struct Maat_hierarchy* hier, struct Maat_hiera
{ {
compile=(struct Maat_hierarchy_compile*)expr_match[i]; compile=(struct Maat_hierarchy_compile*)expr_match[i];
assert(compile->magic==MAAT_HIER_COMPILE_MAGIC); assert(compile->magic==MAAT_HIER_COMPILE_MAGIC);
if(compile->actual_clause_num==0)
{
continue;
}
r_in_c_cnt=Maat_hierarchy_compile_mid_update_by_compile(hier, mid, compile); r_in_c_cnt=Maat_hierarchy_compile_mid_update_by_compile(hier, mid, compile);
if(compile->not_clause_cnt>0 && !is_last_compile) if(compile->not_clause_cnt>0 && !is_last_compile)
{ {

2
src/entry/Maat_rule.cpp
View File

@@ -759,7 +759,7 @@ struct Maat_scanner* create_maat_scanner(unsigned int version, _Maat_feather_t *
struct Maat_scanner* scanner=NULL; struct Maat_scanner* scanner=NULL;
scanner=ALLOC(struct Maat_scanner, 1); scanner=ALLOC(struct Maat_scanner, 1);
scanner->hier=Maat_hierarchy_new(scan_thread_num, feather->logger); scanner->hier=Maat_hierarchy_new(scan_thread_num, feather->logger, feather->garbage_bin);
Maat_hierarchy_set_compile_user_data_free_func(scanner->hier, (void (*)(void*))destroy_compile_rule); Maat_hierarchy_set_compile_user_data_free_func(scanner->hier, (void (*)(void*))destroy_compile_rule);
Maat_hierarchy_set_region_user_data_free_func(scanner->hier, (void (*)(void*))Maat_region_inner_free); Maat_hierarchy_set_region_user_data_free_func(scanner->hier, (void (*)(void*))Maat_region_inner_free);

3
src/inc_internal/Maat_hierarchy.h
View File

@@ -1,10 +1,11 @@
#pragma once #pragma once
#include "Maat_rule.h" #include "Maat_rule.h"
#include "Maat_garbage_collection.h"
#include <sys/queue.h> #include <sys/queue.h>
struct Maat_hierarchy; struct Maat_hierarchy;
struct Maat_hierarchy* Maat_hierarchy_new(int thread_num, void* mesa_handle_logger); struct Maat_hierarchy* Maat_hierarchy_new(int thread_num, void* mesa_handle_logger, struct Maat_garbage_bin* bin);
void Maat_hierarchy_free(struct Maat_hierarchy* hier); void Maat_hierarchy_free(struct Maat_hierarchy* hier);
void Maat_hierarchy_set_compile_user_data_free_func(struct Maat_hierarchy* hier, void (* func)(void *)); void Maat_hierarchy_set_compile_user_data_free_func(struct Maat_hierarchy* hier, void (* func)(void *));
void Maat_hierarchy_set_region_user_data_free_func(struct Maat_hierarchy* hier, void (* func)(void *)); void Maat_hierarchy_set_region_user_data_free_func(struct Maat_hierarchy* hier, void (* func)(void *));

2
test/test_maatframe.cpp
View File

@@ -4145,7 +4145,7 @@ TEST_F(MaatCmdTest, CompileDelete_TSG6548)
time_t update_time=time(NULL); time_t update_time=time(NULL);
time_t now=update_time; time_t now=update_time;
while(now-update_time<60) while(now-update_time<3)
{ {
ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid, 0); ret=Maat_scan_proto_addr(feather,table_id, &ipv4_addr, 6, result, 4, &mid, 0);
if(ret>0) if(ret>0)